Facebook recently revealed that its employees had access to many Facebook users’ passwords because of faulty data storage systems; the issue is said to have been resolved.
Passwords stored in the login systems were supposed to be masked and made unreadable, but somehow a large number of passwords ended up in a readable format. While the issue has been fixed, Facebook says it will notify users whose passwords were readable, as a security measure. According to Facebook, those notified will number around hundreds of millions of Facebook Lite users, tens of millions of Facebook users and tens of thousands of Instagram users.
“To be clear, these passwords were never visible to anyone outside of Facebook and we have found no evidence to date that anyone internally abused or improperly accessed them,” wrote Pedro Canahuati, Facebook’s VP in Engineering, Security and Privacy.
To further reassure its users, the company also explained its password protection process, which uses cryptography. The passwords are “hashed” and “salted”, so instead of appearing in plain text, they are replaced by random sets of characters.
Facebook also made it clear that it has other security measures in place for account protection. The company utilises different signals to detect unusual activity and keeps up to date with data breach news and databases of stolen credentials to ensure that its users are not affected; if they are, Facebook informs them and guides them to change their passwords. For stronger security, Facebook users can also register physical security keys to log in to their accounts.
Although the company did not find any evidence of data abuse, users were encouraged to change their passwords and enable a security key/two-factor authentication to better secure their accounts.